Code Injection in SnapCreek Duplicator

#VU31203 Code Injection in SnapCreek Duplicator

Published: 2018-09-19 | Updated: 2020-07-17

Vulnerability identifier: #VU31203

Vulnerability risk: High

CVSSv3.1: 8.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-17207

CWE-ID: CWE-94

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
SnapCreek Duplicator
Web applications / Modules and components for CMS

Vendor: SnapCreek

Description

The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.

An issue was discovered in Snap Creek Duplicator before 1.2.42. By accessing leftover installer files (installer.php and installer-backup.php), an attacker can inject PHP code into wp-config.php during the database setup step, achieving arbitrary code execution.

Mitigation
Install update from vendor's website.

Vulnerable software versions

SnapCreek Duplicator: 1.2.0 - 1.2.40

External links
http://snapcreek.com/duplicator/docs/changelog/?lite
http://www.synacktiv.com/ressources/advisories/WordPress_Duplicator-1.2.40-RCE.pdf

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

Code Injection in SnapCreek Duplicator